Stanford Security Lab

Protocol Composition Logic (PCL)

Summary

PCL is a logic
for proving security properties of network protocols. Two central results for
PCL are a set of composition theorems and a computational soundness theorem. In
contrast to traditional folk wisdom in computer security, the composition
theorems allow proofs of complex protocols to be built up from proofs of their
constituent sub-protocols. The computational soundness theorem guarantees that,
for a class of security properties and protocols, axiomatic proofs in PCL carry
the same meaning as reduction-style cryptographic proofs. Tool implementation
efforts are also underway. PCL and a complementary model-checking
method have been successfully applied to a number of internet,
wireless and mobile network security protocols developed by the IEEE and IETF
Working Groups. This work identified serious security vulnerabilities in the
IEEE 802.11i wireless security standard and the IETF GDOI standard. The
suggested fixes have been adopted by the respective standards bodies.

PCL has been the topic of invited talks at
premier venues including ASL'01, MFPS'03, ICALP'05, LCC'06, and ASIAN'06. It
has been taught in security courses at a number of universities
including Aachen, CMU, Penn, Stanford, and Texas.
Three papers on this work have been
invited to special issues of journals, which are compilations of the best
papers presented at the respective venues.

The following papers and set of slides provides an
overview of this project. For further details, please read the other papers
included below.

[A1] C. Meadows,
D. Pavlovic,
Deriving, attacking and defending the GDOI protocol, in Proceedings of 9th
European Symposium On Research in Computer Security, pp.
53-72, September 2004. [ Paper ]symbolic PCL | GDOI: a flaw is found and a fix is proposed